Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2004-0063
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
nCipher payShield SPP库错误请求验证漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PayShield HSM是nCipher开发的用于信用卡付费机制专用安全交易加速器。 PayShield SPP库存在漏洞,允许使用此库实现的应用程序验证有害的请求。 当一命令通过SPP库发送,库会查询它的HSMs以确保他们能应答和正确工作。当这个检查触发及成功,对起始命令的应答会一直是Status_OK,而不去理会HSM返回的状态代码。 虽然错误消息会打印在payShield日志中,但这个错误却没有和调用的函数进行交流。 此问题只存在于主机端库和主机端应用程序中。已经存在的payShield安装和密钥
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2004-0063
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2004-0063
Please Login to view more intelligence information
New Vulnerabilities
Product: n/a
Vendor: n/a
V. Comments for CVE-2004-0063

No comments yet

Leave a comment